May 2020 Patch Bulletin
This is a big month with 111 unique CVE’s, 6 technologies with critical updates, but the good news is that there are no updates that were publicly disclosed or exploited in the wild.
Windows has numerous critical updates with a range of impacts.
For additional details, please find the information from Microsoft below:
| Technology | Products Affected | Severity | Reference | Workaround/Exploited/ Publicly Disclosed Vulnerability Info | |
|---|---|---|---|---|---|
| Windows | Windows 8.1, 8.1 RT, 10, Server 2012, 2012 R2, 2016, 2019 | Critical | CVE-2020-0909 CVE-2020-0963 CVE-2020-1010 CVE-2020-1021 CVE-2020-1028 CVE-2020-1048 CVE-2020-1051 CVE-2020-1054 CVE-2020-1055 CVE-2020-1061 CVE-2020-1067 CVE-2020-1068 CVE-2020-1070 CVE-2020-1071 CVE-2020-1072 CVE-2020-1075 CVE-2020-1076 CVE-2020-1077 CVE-2020-1078 CVE-2020-1079 CVE-2020-1080 CVE-2020-1081 CVE-2020-1082 CVE-2020-1084 CVE-2020-1086 CVE-2020-1087 CVE-2020-1088 CVE-2020-1090 CVE-2020-1109 CVE-2020-1110 CVE-2020-1111 CVE-2020-1112 CVE-2020-1113 CVE-2020-1114 CVE-2020-1116 CVE-2020-1117 CVE-2020-1118 CVE-2020-1121 CVE-2020-1123 CVE-2020-1124 CVE-2020-1125 CVE-2020-1126 CVE-2020-1131 CVE-2020-1132 CVE-2020-1134 CVE-2020-1135 CVE-2020-1136 CVE-2020-1137 CVE-2020-1138 CVE-2020-1139 CVE-2020-1140 CVE-2020-1141 CVE-2020-1142 CVE-2020-1143 CVE-2020-1144 CVE-2020-1145/a> CVE-2020-1149 CVE-2020-1151 CVE-2020-1153 CVE-2020-1154 CVE-2020-1155 CVE-2020-1156 CVE-2020-1157 CVE-2020-1158 CVE-2020-1164 CVE-2020-1165 CVE-2020-1166 CVE-2020-1174 CVE-2020-1175 CVE-2020-1176 CVE-2020-1179 CVE-2020-1184 CVE-2020-1185 CVE-2020-1186 CVE-2020-1187 CVE-2020-1188 CVE-2020-1189 CVE-2020-1190 CVE-2020-1191 | Workaround: No Public: No Exploited: No | Elevation of Privilege Remote Code Execution Spoofing Security Feature Bypass Denial of Service Information Disclosure |
| Edge HTML-based | Legacy | Critical | CVE-2020-1037 CVE-2020-1056 CVE-2020-1059 CVE-2020-1065 CVE-2020-1096 | Workaround: No Public: No Exploited: No | Spoofing Remote Code Execution Elevation of Privilege |
| ChakraCore | All | Critical | CVE-2020-1037 CVE-2020-1065 | Workaround: No Exploited: No Public: No | Remote Code Execution |
| IE | 11 | Critical | CVE-2020-1035 CVE-2020-1058 CVE-2020-1060 CVE-2020-1062 CVE-2020-1064 CVE-2020-1092 CVE-2020-1093 | Workaround: No Exploited: No Public: No | Remote Code Execution |
| Office, Office Services, Office Web Apps | 365 Apps for Enterprise Excel 2010, 2013, 2016, 2019, 2016 for Mac, 2019 for Mac SharePoint Enterprise Server 2013, 2016 SharePoint Foundation 2013 SharePoint Server 2020, 2019 Office 365 | Critical | CVE-2020-1024 CVE-2020-1099 CVE-2020-1069 CVE-2020-1100 CVE-2020-1103 CVE-2020-1107 CVE-2020-1105 CVE-2020-1106 CVE-2020-0901 CVE-2020-1023 CVE-2020-1101 CVE-2020-1102 CVE-2020-1104 | Workaround: No Exploited: No Public: No | Remote Code Execution Spoofing Information Disclosure |
| Visual Studio | 2017, 2019, Code | Critical | CVE-2020-1161 CVE-2020-1108 CVE-2020-1171 CVE-2020-1192 | Workaround: No Exploited: No Public: No | Denial of Service Remote Code Execution |
| Dynamics | Dynamics 365 Version 8.2, 9.0 | Important | CVE-2020-1063 | Workaround: No Exploited: No Public: No | Spoofing |
| .NET Framework | .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 | Important | CVE-2020-1066 CVE-2020-1108 | Workaround: No Exploited: No Public: No | Denial of Service Elevation of Privilege |
| .NET Core | .NET Core 2.1, 3.1 ASP .NET Core 3.1 | Important | CVE-2020-1108 CVE-2020-1161 | Workaround: No Exploited: No Public: No | Denial of Service |
| Power Bi | Power Bi Report Server | Important | CVE-2020-1173 | Workaround: No Exploited: No Public: No | Spoofing |
In case of any questions or clarifications please feel free to reach out to ECHO’s Service Desk.